Scan Results Review

This section helps you interpret the results of you scans.

Plugin Families and Plugins

The Fudo Enterprise integration can be used to gather credentials for target authentication during credentialed scans via SMB, SSH, Database, vCenter, or Nutanix.

Depending on the credential being used, users can review the scan results and verify whether their scans are successful through the following list of plugins.

Expected plugins showing successful authentication:

  • SSH: “Plugin #141118: Target Credential Status by Authentication Protocol - Valid Credentials Provided.” Expect to see “Proto: SSH” in the output.

  • SSH with escalation: “Plugin #110095: Target Credential Issues by Authentication Protocol - No Issues Found.” When escalation has failed or you have elected to not use escalation, you may see “Plugin #110385: Target Credential Issues by Authentication Protocol - Insufficient Privilege.”

  • Windows: “Plugin #141118: Target Credential Status by Authentication Protocol - Valid Credentials Provided.” Expect to see “Proto: SMB” in the output.

  • Database: “<DATABASE> login possible” - this is several different plugins. For example, “Plugin #91827: Microsoft SQL Server Login Possible” confirms a successful login to a Microsoft SQL Server.

  • VMware vCenter: “Plugin #57400: VMware vSphere installed VIBs”. This plugin reports the installed VIBs collected on a ESXi host after authentication.

  • VMware ESXI: “Plugin #57400: VMware vSphere installed VIBs.” This plugin reports the installed VIBs collected on a ESXi host after authentication.

  • Nutanix Prism Central: “Plugin #160185: Nutanix Data Collection.”

  • Integration Status: “Plugin #204872: Integration Status.” When using one of Tenable's integrations with any PAM Integration, the Integration Status plugin confirms whether credential(s) retrieval was a success or failure.

Debug Log Reporting

Plugin #84239: Debugging Log Report. Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.

The plugins that call the Fudo Enterprise integration are:

  • SSH: ssh_settings.nasl

  • Windows (SMB): logins.nasl

  • Database: database_settings.nasl

  • VMware vCenter: vmware_vcenter_settings.nasl

  • VMware ESXi: vmware_soap_settings.nasl

  • Nutanix Prism Central: nutanix_settings.nasl

When troubleshooting the Fudo Enterprise PAM integration, it can be helpful to examine the debugging logs for the entries related to the specific credential being utilized.

  • SSH: “ssh_settings.nasl~Fudo”

  • Windows (SMB): “logins.nasl~Fudo”

  • Database: “database_settings.nasl~Fudo”

  • VMware vCenter: “vmware_vsphere_vcenter_settings.nbin~Fudo”

  • VMware ESXI: “vmware_soap_settings.nbin~Fudo”

  • Nutanix Prism Central: “nutanix_settings.nasl~Fudo”